
Fast Track autopwn

Hey folks

I'm relatively new to the "scene" of security testing, so here's a very brief review of my problem.
I'm friends with the administrator/webmaster of a website that includes a board (latest release of the BurningBoard software). I did some rather small things like securing my wireless router, recovering some self-made password hashes with hashcat and so on.

Now I wanted to check if the website was vulnerable to any attacks. In order to do this, I used Fast Track, specifically the db_autopwn function. Since it failed (0 sessions) I thought the website was secure. So just for fun I searched for my old Win95 PC and tried to get into it with Fast Track (also using db_autopwn). To my surprise, it failed again.
I tried some other PCs of friends and every attack failed.

So, what am I doing wrong? I know db_autopwn is not really the best thing to do (automation is generally bad), but it should at least be able to find an exploit in a Win95 system which has never been updated.

I spent many hours reading through the Fast Track wiki, but nothing gave me answers.

Re: Fast Track autopwn

Try running the commands through msfconsole instead of using Fast-Track. I found that Fast-Track uses sqlite3 and also does not use db_connect, which is the problem I had with it. I'm just reading up on it and trying to figure it out. I've had success using postgresql as a db_driver.

Re: Fast Track autopwn

Since you failed to mention specific services and ports, it sounds like you didn't ID any potential services/ports, or whether they are open across the various firewalls involved. I would suggest you learn OSes and networking protocols, and set up some vulnerable servers and learn to use the tool before you try it on live sites across the Internet.* And by "vulnerable servers" I mean something like DVL, or the original Win2000, and NOT Win95. Since Win9x did not have the same networking COM objects as the NT family, it wasn't as vulnerable as the later products.

*By the way, you may be committing a crime or at least breaking your ISP's TOS by running scans like this, depending on several factors. Running such scans should only be done under contract, once you know what you're doing.

Re: Fast Track autopwn

There are many reports of exploits not working properly with the default database driver (sqlite). There are tutorials on these forums for using postgresql; try that and see if it helps. To test if autopwn is working at all, try running a vulnerable service from "show exploits" and attacking the machine again. If it doesn't work, try exploiting it manually. Great info on Metasploit at Metasploit Unleashed - Mastering the Framework.
Let us know how it works out for you.

Re: Fast Track autopwn

Originally Posted by Thorn

*By the way, you may be committing a crime or at least breaking your ISP's TOS by running scans like this, depending on several factors. Running such scans should only be done under contract, once you know what you're doing.

I took the liberty of contacting his ISP to let them know of the situation. I also sent them a link to this thread.

Re: Fast Track autopwn

Originally Posted by Archangel-Amael

I took the liberty of contacting his ISP to let them know of the situation. I also sent them a link to this thread.

That's fine, although he may be OK. I just hate to see people get in deep trouble when they are doing things out of sheer ignorance. It really depends on the jurisdiction and the ISP's TOS, but the average home-user connection specifically prohibits most things. Pen testing is a business, and needs to be done in a business-like manner. The fact that he mentions this as a "scene" shows that he's an amateur. The lack of a contract to proceed with a test says "when things go wrong, feel free to sue me."

However, the main point is that he's playing with tools that he doesn't know how to use properly, and he's doing it live on the Internet. He REALLY needs to set up a test lab and learn to use the tools before he does anything else.